TMCnet News

BakerHostetler Launches 2024 Data Security Incident Response Report, 'Persistent Threats, New Challenges'
[April 23, 2024]

BakerHostetler Launches 2024 Data Security Incident Response Report, 'Persistent Threats, New Challenges'

Following its fourth-time shortlisting by Chambers & Partners USA as a Privacy & Data Security Law Firm of the Year, BakerHostetler released its 2024 Data Security Incident Response Report. The 10th annual overview provides insights and metrics from the security incidents the firm managed in the prior year (more than 1,150 incidents in 2023). BakerHostetler is the only law firm to issue a report like this. The report also features insights and trends on AI, privacy, litigation, regulatory investigations, web tracking and more, along with additional analysis from various teams in the firm's Digital Assets and Data Management Practice Group. Businesses around the world use this report to help develop their cybersecurity measures, incident response plans and information governance practices.

This press release features multimedia. View the full release here:

(Graphic: Business Wire)

(Graphic: Business Wire)

Key takeaways:

  • Ransomware attacks continue (we saw over 300 ransomware events last year). But entities are more resilient - they are paying a ransom less often and restoring from the attack faster.
  • Regulatory enforcement and class action lawsuits related to pixels and other website tracking technologies surged in 2023, particularly in the health care industry (up 300% since 2022).
  • Breach disclosures led to litigation more often, even in small incidents. The likelihood of being sued after disclosing a breach continues to grow. More than 58 incidents disclosed in 2023 resulted in one or more lawsuits filed (compared with 42 in 2022).
  • The multiyear trend of significant supply chain attacks continues (SolarWinds, Blackbaud, MOVEit and now Change Healthcare). Strengthening vendor management programs is a tall task and an important one.

Why this report matters

It is a one-of-a-kind mix of aggregated data from security incidents and insights from the full suite of advisory services the firm provides across the entire data and technology life cycle.

Key quote

"We are proud that our DSIR Report is a sought-after resource that helps companies across the globe make risk-informed decisions about leveraging data and technology," said Theodore J. Kobus III, chair of BakerHostetler's DADM Practice Group. "Each year, we identify core IR data poits, how the threat landscape has changed, and timely topics like web tracking litigation, artificial intelligence and the state of regulatory investigations. It is a significant effort to produce this report each year, and doing so for 10 years demonstrates our commitment to being the leader in helping companies navigate this dynamic area."

Progress against ransomware attacks

Ransomware continues to be a significant problem - ransomware was used in 72% of network intrusions in 2023. Still, progress in avoiding and recovering more quickly from ransomware is evident in the 2024 report statistics. Extensive endpoint detection and response tool usage, patching, and resilient backup strategies help prevent attacks, mitigate the impact of those that do occur and enable restoration without the need to pay for a decryptor. In 2023, companies paid ransom in 27% of ransomware incidents (compared with 40% in 2022) and restoration occurred 25% faster.

Response metrics improve (again)

Incident response capabilities at companies (and the companies that support them) continue to mature. Network defenders detected and contained incidents faster. And the average cost for a forensic investigation declined to $78,138 (it was $90,335 in 2022). The primary drivers of these improvements are preexisting EDR tool deployment, more security information and event management utilization, and increased use of forensic triage packages. The average time for detection of a network intrusion incident in 2023 with an EDR tool deployed was 12 days compared with 19.7 days without an EDR tool.

Web tracking technologies continue to be target of regulatory action and lawsuits

Regulatory enforcement and class action lawsuits related to pixels and other web tracking technologies surged in 2023, particularly for health care organizations. More than 200 lawsuits have been filed against health care entities for their use of third-party web technologies, 75% of which were filed in 2023 ("only" 50 were filed in 2022). BakerHostetler is representing health care entities in over half of the pending health care pixel actions. Retailers and restaurants are also seeing tracking technology arbitration demands and lawsuits.

Threat actors are getting more creative, and AI is helping them

Business email compromises were the second-most-common type of incident. Threat actors continue to find ways to trick users into clicking on phishing links and then get past multi-factor authentication. AI tools are being used to enhance the efficacy of phishing emails.

MFA alone is not enough to secure access to email accounts (not only because it can be bypassed). Securing an email tenant involves complicated configuration efforts.

Several threat actors used sophisticated social engineering techniques, including SIM swapping, quishing (using QR codes in phishing emails) and smishing (using a text message to trick the recipient into downloading malware or disclosing sensitive information).

Key quote

"Our goal in producing the DSIR Report is to provide a resource that shows companies what actually occurs when a security incident happens to enable them to make data-informed decisions," said Craig Hoffman, co-leader of BakerHostetler's national Digital Risk Advisory and Cybersecurity team. "Companies do not have unlimited resources, so having a source of compromise-intelligence allows them to prioritize measures for the issues that are likely and impactful."

BakerHostetler's DADM Practice Group - made up of more than 100 attorneys and technologists - unites key service offerings and technologies intersecting with the life cycle of data. A globally recognized leader, the group boasts a roster that includes attorneys who have practiced in this space for more than two decades, former federal prosecutors, veteran in-house counsel and past government agency leaders. With eight top-tier rankings by Chambers USA and Legal 500, the DADM Practice Group is considered a powerhouse for cybersecurity, privacy, advertising, data governance and emerging technology matters. For more information, visit Connect with us on the social platform X at @BakerHostetler or on LinkedIn at @BakerHostetler, @TedKobus and @CraigHoffman.

About BakerHostetler

BakerHostetler helps clients around the world address their most complex and critical business and regulatory issues. Our highly ranked attorneys deliver sophisticated counsel and outstanding client service. We have six core practice groups - Business, Digital Assets and Data Management, Intellectual Property, Labor and Employment, Litigation, and Tax - and more than 1,000 lawyers. For more information, visit

[ Back To's Homepage ]